What does Data Loss Prevention (DLP) in Office 365 do? It detects sensitive information by using deep content analysis. It can also identify sensitive data without affecting people who work with the rest of the content.
Once they are created, DLP Policies are stored and synchronized to content sources such as:
- Exchange Online
- OneDrive for Business
- SharePoint Online Sites
- Office 2016 desktop programs
Post-synchronization, these policies will start to enforce the required actions.
What Does a Data Loss Prevention (DLP) Policy Contain?
Office 365 includes definitions for sensitive information that are unique to different countries. This information can be credit card numbers, bank account numbers, and passport numbers.
Each sensitive information type can be defined by keywords, internal functions, regular expressions, or other pattern matches. Combining these helps DLP detection achieve the highest degree of accuracy while also reducing the number of false positives that can interrupt people’s work. DLP policies allow for detection of different types of content within a single policy.
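As an added illustration (not Microsoft's implementation and not code from the original article), the following Python example shows how a regular expression, an internal function (the Luhn checksum), and nearby keywords combine to cut false positives when looking for credit card numbers. The keyword list, the 300-character window, the confidence labels, and the sample strings are assumptions constructed for this example.

```python
import re

# Candidate pattern: 16 digits, optionally grouped in fours by spaces or hyphens.
CANDIDATE = re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b")
# Corroborating keywords (assumed list for this example).
KEYWORDS = ("credit card", "card number", "visa", "mastercard", "expiry", "cvv")
WINDOW = 300  # characters searched on each side of a match (assumed value)


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str):
    """Return (number, confidence) for each checksum-valid candidate."""
    findings = []
    lowered = text.lower()
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if not luhn_ok(digits):
            continue            # pattern matched but checksum failed
        start, end = max(0, m.start() - WINDOW), m.end() + WINDOW
        near = lowered[start:end]
        conf = "high" if any(k in near for k in KEYWORDS) else "low"
        findings.append((digits, conf))
    return findings


# Constructed sample input: a well-known test card number with context, an
# order reference that only looks like a card, and a valid number with no keyword.
SAMPLE_INVOICE = "Please charge my Visa card number 4111 1111 1111 1111, expiry 09/27."
SAMPLE_ORDER = "Order reference 1234-5678-9012-3456 shipped on Tuesday."
SAMPLE_BARE = "Tracking code: 5555555555554444"

if __name__ == "__main__":
    for sample in (SAMPLE_INVOICE, SAMPLE_ORDER, SAMPLE_BARE):
        print(find_card_numbers(sample))
```

The order reference matches the pattern but fails the checksum, so it is never reported; the bare number passes the checksum but has no supporting keyword, so it is reported with low confidence.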
How to Create a Data Loss Prevention Policy
To create a DLP policy, first log into the Office 365 tenant, select Admin centers and then choose Security & Compliance.
Once the Security & Compliance center is loaded, expand the Data loss prevention menu and choose the Policy menu item.
Select the Create a policy button. A wizard interface will load from the right side, where you can set the properties needed for the policy. Choose the industry regulation category, which will display regional and country-specific regulations.
Clicking the Financial option will display country-specific policies that you can use.
Clicking a regulation will display a short description and the information it protects.
Once selected, click the next button and type the name and description for the policy, then press next. Not every location warrants a policy. You either select “All locations” or pick the locations that you want the policy to apply to. You can decide between Exchange email, SharePoint sites, and OneDrive accounts. For SharePoint and OneDrive sites, you can choose sites or accounts as well as exclude some as needed.
Once you have defined the locations, press the next button. Now you can choose either the simple or the advanced option. Simple settings make it easy to create the most common types of DLP policies without creating rules. Advanced settings use the rule editor to give you control over every setting of your policy. The simple setting option covers most common scenarios.
Even with the simple option, you still need to choose the detection type for the policy you are creating.
Once you choose whether to inspect external or internal content, press the next button. You will need to define policy tips for the end-users. Then, you can set an alert for the number of times a sensitive information type appears in the same shared content. Finally, choose whether or not to block people from sharing and restrict access to the content.
You can turn the rule on right away, test it, and show or hide policy tips, or simply not enable it at all.
The End-user Experience
Once you have created and enabled DLP policies, they will start to inspect content. For content within SharePoint or OneDrive for Business, any content that matches the policy is marked with both an icon and changes to its presentation. It can display policy tips if you allowed them within the policy.
The hover panel for the items will display the policy and indicate if it’s blocked.
When a user clicks the View policy tip, he will see the policy details. He can fix the problem with the resolve button. Fixing the problem overrides the current violation and marks it as normal content.
This is useful for notifying the end-user with alerts if configured within the policy itself. It also makes changes to the presentation of the content so that it is obvious that it’s in violation.
After you create and turn on DLP policies, you need to verify that they’re helping you stay compliant. With DLP reports, you can view the number of policies and rules that match over time, and the number of false positives and overrides. You can filter those matches by location, time frame, and even narrow it down to a specific policy, rule, or action. With DLP reports, you can get business insights and:
- Focus on specific time periods and understand the reasons for spikes and trends.
- Discover business processes that violate your organization’s compliance policies.
- Understand any business impact of the DLP policies.
You can also use the DLP reports to fine-tune your DLP policies as you run them.
It is well known that the weakest link in any cyber threat control is the end-user. Data Loss Prevention helps control and guard company data and content. By providing notifications and a way to resolve issues, it removes some of the worry about the content stored.
For more information about Data Loss Prevention (DLP), contact us today at 877-788-1617.